Microsoft has lifted the lid on a new security service designed to identify and respond to “advanced” attacks on companies’ networks.
With Windows Defender Advanced Threat Protection, Microsoft is looking to further bolster the security credentials of Windows 10 — its latest operating system and one that the company has long touted for its protection against online attacks. Windows 10 already offers tools such as Enterprise Data Protection, Device Guard, Credential Guard, and Windows Hello.
“Windows Defender Advanced Threat Protection provides a new post-breach layer of protection to the Windows 10 security stack,” explained Windows chief Terry Myerson in a blog post. “With a combination of client technology built into Windows 10 and a robust cloud service, it will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.”
As well as building on its existing security suite, Microsoft is also furthering its mission to “reinvent productivity for a mobile-first, cloud-first world.” Indeed, as companies increasingly shift to the cloud, security becomes even more important, which is why Microsoft has been investing heavily in cloud security through a number of acquisitions. And just last week, Microsoft launched Azure Security Center Advanced Threat Detection for businesses that host virtual machines in Microsoft Azure.
Back in November, Microsoft also announced a new Cyber Defense Operations Center that it said will work around the clock and feature a direct pipeline to thousands of security specialists, across the company and elsewhere, who will serve to combat any incoming security threat.
In other words, if Microsoft is to be taken seriously as a company that will help your business thrive in the cloud, it has to be seen as taking security seriously too.
“We’re seeing increasingly brazen cyber attacks,” said Myerson. “Cybercriminals are well-organized with an alarming emergence of state-sponsored attacks, cyber espionage and cyber terror. Even with the best defense, sophisticated attackers are using social engineering and zero-day vulnerabilities to break in to corporate networks. Thousands of such attacks were reported in 2015 alone.”
Besides the time and money it takes to combat a cyber attack, the damage it can cause to a company’s reputation is something that money can’t always fix. And this is what Microsoft is banking on with its latest security offering — the general idea here is: “Come use our services, and we’ll give you peace of mind.”
But Windows Defender Advanced Threat Protection is all about providing protection after a breach has occurred — so if the first security barriers prove futile, this layer, which comprises technology built directly into Windows 10, as well as a cloud-based element, will kick in. It will detect the threat, according to Microsoft, and provide key information to help an enterprise investigate the breach. It will also provide recommendations from “the world’s largest array of sensors and expert advanced threat protection, including a team of experts at Microsoft and expert security partners,” as Myerson puts it. This sounds very much like the Cyber Defense Operations Center Microsoft discussed back in November.
It’s true that even with the best defense in place, breaches will still happen — so having damage limitation in place makes sense. But perhaps more than that, this could be seen as part of Microsoft’s efforts to encourage enterprises to upgrade to Windows 10, given that businesses have historically been slow to adopt new versions of Microsoft’s omnipresent operating system.
For now, the new service will remain in testing with some of Microsoft’s “early adopter” customers, but it will be made available “more broadly” later this year.